[ https://issues.apache.org/jira/browse/HDFS-6463?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aaron T. Myers updated HDFS-6463:
---------------------------------

    Attachment: HDFS-6463.patch

I'm attaching a test case which demonstrates the issue. I believe the trouble 
is in this method in {{AclStorage}}:

{code}
  /**
   * Creates the new FsPermission for an inode that is receiving an extended
   * ACL, based on its access ACL entries.  For a correctly sorted ACL, the
   * first entry is the owner and the last 2 entries are the mask and other
   * entries respectively.  Also preserve sticky bit and toggle ACL bit on.
   *
   * @param accessEntries List<AclEntry> access ACL entries
   * @param existingPerm FsPermission existing permissions
   * @return FsPermission new permissions
   */
  private static FsPermission createFsPermissionForExtendedAcl(
      List<AclEntry> accessEntries, FsPermission existingPerm) {
    return new FsPermission(accessEntries.get(0).getPermission(),
      accessEntries.get(accessEntries.size() - 2).getPermission(),
      accessEntries.get(accessEntries.size() - 1).getPermission(),
      existingPerm.getStickyBit());
  }
{code}

While the comment seems to be correct that the mask and other entries are the 
last two entries in a correctly-sorted list, I believe the bug is that we 
should not be using the mask entry of the ACL at all, and instead should be 
using the group base entry to create the new {{FsPermission}}.

> Incorrect permission can be created after setting ACLs
> ------------------------------------------------------
>
>                 Key: HDFS-6463
>                 URL: https://issues.apache.org/jira/browse/HDFS-6463
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: namenode
>    Affects Versions: 2.4.0
>            Reporter: Aaron T. Myers
>         Attachments: HDFS-6463.patch
>
>
> When setting ACLs for a file or directory, it's possible for the resulting 
> FsPermission object's group entry to be set incorrectly, in particular it 
> will be set to the mask entry. More details in the first comment of this JIRA.
> Thanks to [~szehon] for identifying this issue.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
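
The selection the comment above describes, replayed on a constructed ACL as an added example (not code from Hadoop or from the attached patch). The `Entry` and `Type` types are stand-ins assumed here in place of Hadoop's `AclEntry` classes, and permissions are plain `rwx` strings.

```java
import java.util.List;

// Stand-in model, not Hadoop's classes: just enough to replay the index
// arithmetic of createFsPermissionForExtendedAcl on a constructed ACL.
public class AclGroupBitsDemo {
  enum Type { USER, GROUP, MASK, OTHER }

  // name == null marks an unnamed (base) entry such as "group::r--".
  record Entry(Type type, String name, String perm) {}

  // Same selection as the quoted method: first, second-to-last and last
  // entries of the sorted list become the owner, group and other bits.
  static String permFromIndices(List<Entry> sorted) {
    int n = sorted.size();
    return sorted.get(0).perm()
        + sorted.get(n - 2).perm()
        + sorted.get(n - 1).perm();
  }

  // Alternative raised in the comment: use the unnamed group entry for the
  // group bits instead of the mask entry.
  static String permFromGroupEntry(List<Entry> sorted) {
    String group = null;
    for (Entry e : sorted) {
      if (e.type() == Type.GROUP && e.name() == null) {
        group = e.perm();
      }
    }
    if (group == null) {
      throw new IllegalArgumentException("no unnamed group entry");
    }
    return sorted.get(0).perm() + group
        + sorted.get(sorted.size() - 1).perm();
  }

  public static void main(String[] args) {
    // Constructed access ACL in sorted order: owner, named user,
    // unnamed group, mask, other. "alice" is a made-up name.
    List<Entry> acl = List.of(
        new Entry(Type.USER, null, "rwx"),
        new Entry(Type.USER, "alice", "rw-"),
        new Entry(Type.GROUP, null, "r--"),
        new Entry(Type.MASK, null, "rw-"),
        new Entry(Type.OTHER, null, "---"));
    System.out.println("first/second-to-last/last: " + permFromIndices(acl));
    System.out.println("unnamed group entry:       " + permFromGroupEntry(acl));
  }
}
```

The two results differ only in the group bits, and only when the mask entry and the unnamed group entry carry different permissions.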
